# justlend-mining.pages.dev — SUSPICIOUS > justlend-mining.pages.dev lures victims with fake crypto mining rewards. This domain has a 1/95 VirusTotal flag rate. Check the full report. ## Summary PhishDestroy identifies an active phishing campaign hosted at justlend-mining.pages.dev that masquerades as JustLend DAO, a legitimate decentralized finance protocol on the Tron network. This malicious domain mimics the branding and functionality of JustLend to deceive users into connecting their cryptocurrency wallets under the false pretense of earning mining rewards. Once connected, victims are prompted to deposit TRX or other tokens, after which their funds are drained via smart contract exploits or unauthorized transfers. The site leverages social engineering tactics such as urgency and fake reward tiers to pressure users into acting quickly, a common pattern in cryptocurrency-related phishing attacks. This domain was flagged by 1 out of 95 VirusTotal security vendors and is blocked by ScamSniffer and Enkrypt. It resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy to unsuspecting users. Notably, the domain appears on 2 security blocklists, indicating prior detection by threat intelligence platforms. While the exact creation date is not provided, the combination of recent activity, low detection rate, and active blocking suggests a newly deployed or evolving threat. Users who visited justlend-mining.pages.dev should immediately disconnect any connected wallets using tools like WalletConnect or MetaMask’s disconnect feature. Revoke any token approvals via platforms such as revoke.cash or approve.cash to prevent unauthorized transfers. If funds were lost, report the incident to local law enforcement and file a complaint with relevant cybercrime units. Monitor wallet activity closely for signs of further compromise and consider using hardware wallets for enhanced security. Avoid interacting with similar domains offering unrealistic mining rewards, as these are often fronts for theft. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["ScamSniffer", "Enkrypt"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/65f7ea99-ef17-4c3a-8b62-728849db2dd7 - PhishDestroy: https://phishdestroy.io/domain/justlend-mining.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/justlend-mining.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/justlend-mining.pages.dev/ Last updated: 2026-03-24